Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1906

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.

Published

2009-06-03T21:00:00.280

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.1 Yes
Application ibm db2 9.5 Yes
Application ibm db2 9.5 Yes
Application ibm db2 9.5 Yes
References